1. Field of the Invention
Embodiments of the present invention generally relate to data leakage prevention (DLP) techniques and, more particularly, to a method and apparatus for remediating backup data to control access to sensitive data.
2. Description of the Related Art
In a typical computing environment, small to large enterprises accumulate a significant amount of computer data due to various operations (e.g., business transactions, administration, resource management, manufacturing, providing services, and/or the like). As such, the computer data is stored in various storages (e.g., a tape drive, a hard disk drive and/or the like). For example, the computer data may be backed up as a backup image on backup storage that is controlled and/or monitored by backup software. Further, the computer data may include sensitive data (e.g., trade secrets, legal documents, fiscal policies, employee's personal data (e.g., social security number, credit card number), development plans, intellectual property, critical business strategies and the like). As a result, it is highly desirable to prevent any unauthorized access and/or loss of the sensitive data.
Currently, various types of data leakage prevention (DLP) software are employed to detect and prevent the leakage of the sensitive data stored within the storage. Generally, the DLP software scans the data (e.g., a backup image) stored in the storage to determine if the storage includes the sensitive data. On detecting the sensitive data, the DLP software remediates the data by transferring it to a separate storage (e.g., a remediation store).
Further, the backup image includes various data objects, which may include the sensitive data. However, the DLP software transfers the entire backup image to the remediation store, instead of transferring only the one or more data objects that contain the sensitive data. As a result, the entire backup image is remediated even if only a portion (e.g., one or more data objects) of the backup image contains the sensitive data.
Additionally, the DLP software provides access credentials to one or more DLP administrators that permit access to the remediated data (e.g., the remediated backup image). As a result, the remediated data is inaccessible to backup administrators. As such, computer data remediation requires additional storage resources (e.g., the remediation store) that need to be administered separately. Hence, the backup software and the DLP software cannot interact and provide access to the remediated data objects. As a result, the backup administrator needs to manually communicate with the DLP administrators in order to access the remediated backup image. Subsequently, a significant amount of time and resources may be consumed in order to access the remediated backup image. Moreover, longer access times coupled with restricted access to the remediated backup image may adversely affect backup-related operations, such as data restoration, data duplication, data retention and/or the like.
Therefore, there is a need in the art for a method and apparatus for efficiently remediating backup data to control access to sensitive data without an additional remediation store.